[tor-relays] Filtering at Exit Node [was: Network Scan through Tor Exit Node (Port 80)]
Fabio Pietrosanti (naif)
lists at infosecurity.ch
Thu Mar 3 11:29:11 UTC 2011
On 3/3/11 12:13 PM, Moritz Bartl wrote:
> Hi
>
> On 03.03.2011 11:43, mick wrote:
>> OK, so that idea may not be a runner - but surely the whole purpose of
>> the exit policy system is to allow us to run exit nodes which /do/
>> limit activity to that which we deem acceptable (or legal).
>
> Exactly. The *exit policy* is there to limit exit activity. Not iptables
> or "IDS" afterwards.
I know and fully understand your point, it's a controversial issue the
filtering or not at exit node level.
The TOR ExitPolicy provide a too reduced degree of flexibility to
properly fine tune the risks/exit policy decision of a person just
basing on IP/port and with a limitation on how many IP/port can be
allowed/filtered.
Still i would like to point out a *practical* feeling that i got from a
lot of person i tried to say "hey, run an exit node!".
Some person tried to run an exit node, then they got their internet
connection disconnected due to high number of claim.
Such person think that if they would be able to remove the claims that
cause their internet connection being cutted off, they would be happy to
run a server.
Some other person just does not run TOR exit node due to the perceived
and concrete risks that their node will be used to start cyber-attacks
and that they will have trouble because of this.
That person would be happy to support Freedom of Speech and fight for
anti-censorship in support to people living in non-free world.
At the same time they don't want to get involved in cyber attacks.
Some other person, like me, live in country where the justice and
judicial system is in a drammatic situation.
In italy if you have legal problem you will take between 5 up to 10
years to solve the issue.
In such condition I DO NOT WANT any traffic to go to italian networks,
because a stupid and dumb prosecutor would probably raise my home at
morning and i will have to manage 5-10 years of legal handling.
Unfortunately there's no way to create an exit policy that's able to
load the blocking destinated to a specific country (Tor just crash and
there's an issue about it due to the high number of ExitPolicy statements).
I think that all those issues are absolutely reasonable and
understandable and, if properly managed without a technology-taliban
approach, would allow a lot of more person to run exit node.
So still my goal is to test, implement, document and create howto to:
- Block P2P to avoid P2P related claims
- Block Portscan to avoid portscan related claims
- Block web attacks to avoid web attacks related claims
- Block traffic going to the country where i live to avoid stupid
prosecutor causing me 5-10 years of legal trouble
Yes, i understand that this is outside the concept of *perfect freedom*
related to TOR, but still it would be an answer to the many persons that
would be happy to run an Exit Node to support freedom of speech limiting
their risks, personal feeling and effort for maintance and running a TOR
node.
If that's something not acceptable for the community i accept to be
marked as a untrusted node, or rough node or whatever.
Still i think that this approach is reasonable and can create value for
the TOR project grow.
-naif
http://infosecurity.ch
More information about the tor-relays
mailing list